Abuse under domain names
The intended purpose of this policy is to ensure that third parties understand what constitutes Abuse (specifically Domain Name related Abuse), as well as to provide information on how to submit such reports to INWX.
Provided below is a summary definition of what constitutes Domain Name Abuse:
1. Intellectual Property, Trademark, Copyright, and Patent Violations, including Piracy
Intellectual property (IP) is a term referring to a number of distinct types of creations of the mind for which a set of exclusive rights are recognized in the corresponding fields of law. Under intellectual property laws, owners are granted certain exclusive rights to a variety of intangible assets, such as musical, literary, and artistic works; discoveries and inventions; and words, phrases, symbols, and designs. Common types of intellectual property rights include copyrights, trademarks, patents, industrial design rights, and trade secrets in recognized jurisdictions. Any act resulting in theft, misuse, misrepresentation, or any other harmful act by any individual or a company is categorized as an Intellectual Property violation.
INWX acknowledges abuse reports from copyright holders or their legally authorized representables.
We will notify the site owner and, where appropriate, the web hosting provider for the site in question. Please note that the hosting provider may have its own policies on how to notify the website owner.
We also do understand that these matters may be open to interpretation, or may be in conflict with other aspects of law. For this reason, we will only take appropriate action where supporting evidence is compelling and clear. We do recognize the existence of various dispute resolution processes, and in case we suggest a dispute resolution if this is a more appropriate course of action.
Spamming is defined as the use of electronic messaging systems to send unsolicited bulk messages. The term also applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of web sites and Internet forums. Unsolicited emails advertising any products, services, and even charitable requests or requests for assistance are also considered spam by this policy.
As spamming can be done without the use of any domain names, the scope within this Abuse Policy is limited when submitting complaints about domain names. In most cases, you should verify email metadata and/or email header data, and report the issue to the carriage service which physically sends the spam. We are willing to examine how a domain name is being used for spamming purposes, and we may take any appropriate action where we can identify a close and substantial connection between the Spam Abuse and the Domain Name.
3. Phishing (and various forms of identity theft)
Phishing is usually done by operating a fake website that is meant to look like the actual website usually for the purpose of obtaining details by deception. As the domain name registrant could potentially have their web site compromised by a third party exploiting a security vulnerability, we may suspend the use of any domain name where Phishing has been confirmed to protect both the integrity of the Internet and in many cases, assist with protecting the registrant against any potential liability issues too.
4. Distribution of Viruses or Malware
Distribution of viruses or Malware most commonly occurs when a web server has been compromised by a perpetrator that has installed a virus or "malevolent" piece of software meant to infect computers attempting to use the web service. Infected computers are then security compromised to participate in criminal purposes such as gaining stored security credentials or personal identity information such as credit card data. Additionally compromised computers can sometimes be remotely controlled to inflict harm on other internet services.
If we receive such a confirmed report that a domain name under our sponsorship is being used for distributing Viruses or Malware, we may consider suspending the use of the domain name to protect the integrity of the Internet/DNS.
5. Using fast-flux techniques
A methodology for hiding multiple source computers delivering malware, phishing, or other harmful services behind a single domain hostname, by rapidly rotating associated IP addresses of the sources computers through related rapid DNS changes. This is typically done at DNS zones delegated below the level of a TLD DNS zone. For the purpose of protecting the integrity of the Internet/DNS, we may consider suspending the use of a domain name if it is proven that it is being used in such a method. We may perform our own tests to validate the use of these methods.
6. Pharming and DNS Hijacking
Redirection of DNS traffic from legitimate and intended destinations, by compromising the integrity of the relevant DNS systems. This leads unsuspecting Internet users to fraudulent web services and applications for nefarious purposes, such as illegally gaining login credentials to legitimate services. There are various methods of how Pharming/DNS hijacking is done. In many cases, this may be done without a domain name, however, if we receive such a report and the report identifies and close and substantial connection to the alleged abuse, we may consider suspending the domain name from the DNS.
Hacking constitutes illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of other parties. It includes any activity that might be used as a precursor to an attempted system penetration. Due to continual developments in the domain name industry, it is unlikely that domain names are used or required for hacking. If evidence that a domain name is being used as a means for hacking, we may investigate these claims (upon being provided with sufficient explanation), and we are willing to take any action we deem appropriate including suspending the use of the domain name.
8. Illegal Pharmaceutical Distribution
Due to a variety of rules and regulatory requirements amongst various jurisdictions, we believe that the onus is on the registrant to comply with laws relevant to their jurisdiction that they are domiciled and within the laws of our jurisdiction, namely Spain.
This expressly includes, but is not limited to, the sale of prescription drugs without a prescription based on a prior in-person examination, except where such is expressly permitted by Applicable Laws; operating without legally required pharmacy licenses in the jurisdictions where drugs are offered to be shipped to; and the selling of unapproved drugs (e.g., falsified medicines, counterfeit drugs or drugs unapproved for sale). Where INWX is of the reasonable opinion that a domain is violating the applicable laws, then the domain will be suspended pending a full investigation, as far as the TLD policies allow it. You agree that marketing prescription drugs to a jurisdiction despite not being appropriately licensed to dispense prescription drugs there, or selling drugs online in a way that does not comply with Applicable Laws, constitutes fraud and is a violation of this agreement.
In the event that we receive a report in relation to an Illegal Pharmaceutical Distribution claim, we would immediately comply with any request to validate if the registrant is either a verifiable natural person or a legally constituted organization or legally verifiable entity. We will not immediately suspend and/or policy delete the domain name in the absence of solid evidence confirming that the registrant is acting unlawfully. With this in mind, if we receive a confirmed report from a recognized law enforcement agency or a court order from a competent court of law requesting our assistance to intervene, we would provide all necessary assistance, which may include surrendering our contact data, suspending and/or policy deleting the domain name record.
Where we can identify a rogue trader or a trader that deliberately conceals their identity, we may suspend or cancel the domain name registration in accordance with our Terms of Service.
9. Other Violations
Other violations that will be expressly prohibited include:
- Maintaining inaccurate contact details on the WHOIS record of the reported domain name
- Nominating a local presence service as a registrant proxy for the purpose of operating a “rogue” business
- Network attacks
- Illegal Adult/Pornographic content
- Distribution of malicious tools promoting or facilitating hacking, unsolicited bulk emails or SMS, fake anti-malware products, phishing kits, unauthorized data banks violating individual privacy rights
- Content that violates any export, re-export, or import laws and regulations of any jurisdiction
- Violation of any federal, state, or local rule, regulation or law, or for any unlawful purpose, or in a manner injurious to INWX, its service providers and partners, or their reputation, including but not limited to the above-mentioned activities mentioned as part of this policy
INWX prohibits unlawful use of a registered domain name or product/service we supply, in a manner that is harmful, threatening, abusive, harassing, defamatory, or hateful against another party. This includes, but is not limited to, hate speech, discrimination, or harassment on the basis of gender, religion, sexuality, or race. INWX reserves the right to suspend or delete any product or service that, after reasonable investigation, is deemed to be in breach of this clause.
10. Other Considerations
If an Abuse Report requests that we disclose confidential details provided by the domain registrant or requests the suspension of domain services due to a violation of our Terms of Service and it is not formally accompanied by a related written legal instrument of appropriate means and venue, additional supporting information may be requested by us in order to facilitate such a request.
INWX generally provides registrants with 5 days notice of a pending domain action due to a violation of our Terms of Service in order to provide them with the opportunity to remedy the alleged violation. If the registrant is not in violation of our Terms of Service at the end of the 5 day notice period, we may cancel any pending action and consider the matter resolved. This notice period may change depending on the circumstances.
In cases where you have asserted that you own copyright over material - we may not have the means to verify this assertion and in many cases, we lack the authority to verify claims of others or to verify the identity of the claimants (as is many times the case with copyright, trademark, service mark, and intellectual property matters). In these circumstances it may be more appropriate that you seek other means to file a dispute, which include, but are not limited to:
Uniform Domain Dispute Resolution Policy (uDRP)
Digital Millennium Copyright Act (i.e. filing a DMCA takedown)
ADR (Arbitration Center for .eu Disputes)
DISPUTE Entry with DENIC
Generally supporting information from you may/should include the following:
We may require your name, address, and email or telephone number (preferably both), depending on the circumstances. If you have legal counsel actively representing you in the matter, please include their contact information as well. If you provide false or misleading contact details, we may discard your report.
You must include specific details concerning the alleged Terms violation, including but not limited to:
- exact URL(s) where we can see the violation
- for matters where URLs cannot be used (i.e. spam and/or phishing allegations), copies of files used as part of the violation, and evidence as to their origins (i.e. emails including full headers).
- any other supporting evidence such as screen shots and/or server log files
The terms violation must currently be in active and verifiable use at the time we investigate the matter. If we cannot see/download/use/access the violation, then we cannot verify it. For example, if you report that malware is being distributed via a domain, but the reported URL where it is downloaded from/distributed does not work, then we cannot verify the violation. If the violation is restricted to certain subnets (eg: geographical region), information about supporting open proxies must be provided to ensure we can also verify such claims.
If requesting a domain suspension, it must be the proper course of action compared to other means/remedies. Taking down a whole domain is NOT the proper course of action if for example filing a DMCA takedown or an applicable lawsuit against the domain owner is more suitable.
When the domain in question is used to allegedly impersonate another entity as a means to commit fraud (i.e. as in a phishing scheme), the person filing the abuse report must:
a. legally represent the interests of the impersonated entity and/or
b. offer evidence of fraudulent solicitation (i.e. provide a copy of a phishing email with headers referencing the domain in question).
In certain cases you must be qualified to determine the violation of Terms and be associated with any parties affected by the outcome of any action taken. We will not act if you neither work for the affected party nor have their specific written consent to represent their interests in these matters. We will not suspend the domain because:
- it will probably be impossible or improbable to accurately identify you are who you say you are,
- you are not qualified to file this complaint since there is no way for you to know that the site does not have the affected parties permission and
- you are not associated with the affected party or the site publishing the information. In this case, you should bring your complaint to the affected party or the site supposedly violating the affected parties copyright.
Reservation of Rights
INWX expressly reserves the right to deny, cancel, suspend, lock or transfer any Domain Name registration that it deems necessary in its discretion:
- to protect the integrity and stability of the Internet and/or DNS
- to comply with any applicable laws, government rules or requirements, requests of law enforcement;
- in the event, a Domain Name is used in violation of these policies and any other policies regarding recognised domain name regulatory authorities and;
- in compliance with any dispute resolution process, or to avoid any liability, civil or criminal, on the part of INWX and its affiliates, licensors subsidiaries, officers, directors and employees